
package com.bangcommunity.bbframe.sdm.web.shiro.token;

import com.bangcommunity.bbframe.common.exception.ValidateUtil;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 *
 * @version 1.0
 * @author tanghc
 */
public abstract class AbstractTokenAuthorizeFilter extends AccessControlFilter {

    protected Logger logger = LoggerFactory.getLogger(this.getClass());


    protected abstract boolean hasPermition(ServletRequest request,
            ServletResponse response,String resourceId) throws Exception;

    protected abstract String getResourceId( ServletRequest request,
            ServletResponse response) ;

    protected boolean onPermit( ServletRequest request,
            ServletResponse response) throws Exception {
        return true;
    }

    protected boolean onForbbiden( ServletRequest request,
            ServletResponse response,Exception exception) {
        return false;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        String resourceId = getResourceId(request, response);
        try {
            boolean pass = hasPermition(request, response, resourceId);
            if(pass){
                return onPermit(request, response);
            }
            ValidateUtil.isTrue(pass,"没有权限访问");
            return pass;
        } catch (Exception e) {
            return onForbbiden(request,response,e);
        }
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) {
        return false;
    }



}
